From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/63662
Path: news.gmane.org!not-for-mail
From: Daiki Ueno <ueno@unixuser.org>
Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Tue, 05 Sep 2006 14:06:00 +0900
Message-ID: <99d9e329-f374-464a-baad-80c02d2a3382@broken.deisui.org>
References: <b4maca88q6i.fsf@jpl.org>
	<def1aabc-69b9-4b1d-bb84-e65c63540eac@well-done.deisui.org>
	<b4mmze82cse.fsf@jpl.org> <b4mwtdbfqob.fsf@jpl.org>
	<9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org>
	<b4mpsj3gw1s.fsf@jpl.org> <b4my7xrfg5o.fsf@jpl.org>
	<4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org>
	<87fyjz2gaj.fsf@pacem.orebokech.com>
	<v9iroj49cz.fsf@marauder.physik.uni-ulm.de>
	<v9mz9itt6y.fsf_-_@marauder.physik.uni-ulm.de>
	<8980fd83-08b6-4aef-97f2-a659cd2eadb2@well-done.deisui.org>
	<180dcf90-af71-4f6d-b0d0-57d364218c73@broken.deisui.org>
	<E1GJti6-0003U0-No@fencepost.gnu.org>
	<6d43cc51-e472-405c-b372-dba7ef5a914d@broken.deisui.org>
	<E1GKI5D-00005c-8Y@fencepost.gnu.org>
	<2234179d-6686-49f4-b38b-b06788041225@well-done.deisui.org>
	<854pvnsetc.fsf@lola.goethe.zz>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1157432798 25041 80.91.229.2 (5 Sep 2006 05:06:38 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Tue, 5 Sep 2006 05:06:38 +0000 (UTC)
Cc: Reiner.Steib@gmx.de, rms@gnu.org, ding@gnus.org, emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Sep 05 07:06:36 2006
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by ciao.gmane.org with esmtp (Exim 4.43)
	id 1GKT8s-0003wr-3c
	for ged-emacs-devel@m.gmane.org; Tue, 05 Sep 2006 07:06:34 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1GKT8r-00039Q-Dg
	for ged-emacs-devel@m.gmane.org; Tue, 05 Sep 2006 01:06:33 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1GKT8S-00037k-Hy
	for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:06:08 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1GKT8Q-00036S-Ke
	for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:06:08 -0400
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1GKT8Q-00036O-FW
	for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:06:06 -0400
Original-Received: from [64.233.166.177] (helo=py-out-1112.google.com)
	by monty-python.gnu.org with esmtp (Exim 4.52) id 1GKTJ5-0004lx-Sy
	for emacs-devel@gnu.org; Tue, 05 Sep 2006 01:17:08 -0400
Original-Received: by py-out-1112.google.com with SMTP id d42so2350038pyd
	for <emacs-devel@gnu.org>; Mon, 04 Sep 2006 22:06:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:from:to:cc:subject:references:date:in-reply-to:message-id:user-agent:mime-version:content-type:sender;
	b=OuqKDY9N7bU53ChDCHXM7e8leEf3KsOVmgU7RVcrB6amzu+bFDO4DM+D9bn1YZd4ScLSfRkaKA5OCoO84B/BPArEC6SbxZHdR0jmyBQp12ddxer0IChJ4rRqeqc6Sel+7Pe07Lg6HYLpUuxZUywBTCchuEZTJedhjSXKAzciLo0=
Original-Received: by 10.35.105.18 with SMTP id h18mr9257853pym;
	Mon, 04 Sep 2006 22:06:05 -0700 (PDT)
Original-Received: from p360 ( [150.82.173.221])
	by mx.gmail.com with ESMTP id 7sm3945740nzo.2006.09.04.22.06.03;
	Mon, 04 Sep 2006 22:06:04 -0700 (PDT)
Original-To: David Kastrup <dak@gnu.org>
In-Reply-To: <854pvnsetc.fsf@lola.goethe.zz> (David Kastrup's message of "Mon\,
	04 Sep 2006 19\:48\:47 +0200")
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:59350 gmane.emacs.gnus.general:63662
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/63662>

>>>>> In <854pvnsetc.fsf@lola.goethe.zz> 
>>>>>	David Kastrup <dak@gnu.org> wrote:
> Daiki Ueno <ueno@unixuser.org> writes:

> > Second, (1) causes a problem which forbids using ISO-8859-1
> > characters in passphrases.  So he proposed (2), but it was not a
> > correct fix (passphrases should be encoded in locale-coding-system
> > rather than just making them unibyte) and it was not working before
> > the reversion.  I think this is not so important problem, since it
> > can be avoided by using ASCII only passphrases in practice.

> Passphrases exist outside of Emacs, and you don't have the option of
> just typing something else.

In theory you are right.  However, since GnuPG treats passphrase input
as a byte sequence not characters, if you set your passphrase on a
ISO-8859-1 terminal, you can't input the same passphrase on any UTF-8
terminals.

Anyway, I fixed it in Gnus CVS so that passphrases are encoded with
locale-coding-system.  I'm not sure if we should add a new user option
to control the encoding.

Regards,
-- 
Daiki Ueno